Announcing Amazon Route 53 Accelerated Recovery for managing public DNS records
AWS announced the launch of accelerated recovery for managing public Domain Name System (DNS) records, a new Amazon Route 53 feature that targets a 60-minute Recovery Time Objective (RTO) for your DNS operations in the unlikely event of service disruptions in the N. Virginia Region (us-east-1). This feature ensures continuity for your critical workloads by allowing you to regain the ability to make DNS record changes even during regional service unavailability.
During a previous regional disruption in us-east-1, Route 53’s globally distributed data plane designed for a 100% availability service level agreement (SLA) continued to serve DNS queries reliably, allowing configured health checks and automatic failover routing policies to function normally. Customers were also able to use Amazon Application Recovery Controller (ARC) to initiate a failover using a highly available data plane API. However, Route 53’s control plane operated exclusively from the us-east-1 Region, preventing customers from making new DNS record changes. This meant that organizations couldn’t update their DNS configurations to respond to changing conditions, provision new resources, or implement manual failover strategies not previously configured. Despite having multi-region application deployments and functioning DNS resolution, the inability to create, update, and delete DNS records during these events limited customers’ disaster recovery options.
Introducing Accelerated Recovery for managing public DNS records
With accelerated recovery for public hosted zones, customers can regain the ability to make DNS record changes within 60 minutes of a regional disruption. Accelerated recovery achieves this through built-in failover of the Route 53 control plane to the Oregon Region (us-west-2). This opt-in feature, which can be enabled for any public hosted zone, allows you to continue managing your DNS records even when the primary N. Virginia Region (us-east-1) experiences service disruptions.
Key benefits of this feature include:
- Simplified disaster recovery: Maintain control of your DNS infrastructure during regional events.
- Targeted 60-minute RTO: This feature is designed to give you the ability to make DNS changes within 60 minutes of a regional disruption. This allows you to continue provisioning infrastructure and updating DNS records without extended delays.
- Familiar API endpoints: Use the same Route 53 API endpoints you already use today.
By enabling accelerated recovery, you maintain the ability to respond to changing conditions and implement manual failover strategies not previously configured.
Accelerated recovery complements Route 53’s already robust data plane, which continues to serve DNS queries globally even during control plane disruptions. Now, both the data plane and control plane offer enhanced resilience for your critical DNS infrastructure.
How Accelerated Recovery works
You can use different capabilities that enable DNS resiliency without dependency on the Amazon Route 53 control plane. These include Route 53 Health Checks, Amazon Application Recovery Controller (ARC), and the Standby Takes Over Primary (STOP) pattern. These capabilities are proactive solutions that rely on static stability: they use pre-configured settings, health checks, and failover mechanisms established ahead of time, and so achieve a faster RTO. However, for some customers these proactive capabilities are not always sufficient to deal with unplanned events. For customers who require a higher level of redundancy for making DNS changes in the control plane during a N. Virginia Region (us-east-1) incident, when continuous configuration changes are necessary, we have built Accelerated Recovery.
When you enable Accelerated Recovery in public hosted zones, Amazon Route 53 replicates the public hosted zone from the primary N. Virginia Region (us-east-1) to the Oregon Region (us-west-2). If services in the N. Virginia Region (us-east-1) become unavailable, Amazon Route 53 triggers failover and routes DNS control plane requests to the healthy secondary Region without requiring you to take any action. After the primary Region recovers, Amazon Route 53 orchestrates the failback (see Figure 1).
Figure 1: Amazon Route 53 control plane and data plane
During a failover, public hosted zones protected by Accelerated Recovery will not lose existing DNS records that were replicated to the secondary Region before disruption. However, DNS control plane changes sent to Route 53 while the N. Virginia Region is in a degraded state and before a failover to the Oregon Region completes may not be retained by Route 53. These in-flight changes are referred to as “stranded changes” (Figure 2).
Figure 2: Timeline of an event and potential Stranded changes
Prior to failover, the Route 53 API may respond with an HTTP 200 OK status, acknowledging that your DNS changes were received by the primary control plane. However, these changes will not propagate to the data plane due to the N. Virginia Region impairment and are “stranded” in the N. Virginia Region. You can check for stranded changes using the Route 53 GetChange API even during Region failover.
The following example of a GetChange API/CLI call verifies the status of a DNS change with id CWPIK4URU2I5S across primary and secondary Regions:
aws route53 get-change --id CWPIK4URU2I5S
The API response for GetChange indicates INSYNC when a DNS change has been successfully replicated to the secondary Region and applied to all Route 53 data plane DNS servers, or PENDING otherwise. Under normal conditions, changes reach INSYNC status typically within 60 seconds. During a regional disruption, changes will remain in PENDING status. These are the stranded changes described earlier. When the GetChange API returns an INSYNC status, you can be confident that your DNS clients will see the latest DNS data and that these changes are durable and will not be lost during a failover.
After Route 53 completes the failover to the Oregon Region, you can resume making DNS changes to Accelerated Recovery-protected hosted zones, and these changes will be applied globally. Any changes that became stranded during the disruption (those in PENDING status) must be resubmitted manually. Please refer to the Accelerated recovery documentation on how to track and resubmit DNS changes.
Route 53 cannot reconcile stranded changes after a failback to the N. Virginia Region. Stranded changes that were not resubmitted before the failback are discarded. For more information about managing Route 53 records refer to AWS documentation.
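The tracking and resubmission workflow described above, sketched with the AWS CLI as an added example (not code from the original post or from AWS). The ledger file and its three-column format are assumptions made for this example: one line per submitted change, recording the change ID, the hosted zone ID, and the path of the change batch JSON that was sent.

```shell
#!/usr/bin/env bash
# Added example. Ledger format (constructed for this example), one line per change:
#   <change-id> <hosted-zone-id> <path-to-change-batch.json>

# Print the status of one change: INSYNC, PENDING, or UNKNOWN when the lookup
# itself fails (an unreachable API must never be read as "durable").
change_status() {
  local status
  status=$(aws route53 get-change --id "$1" \
             --query 'ChangeInfo.Status' --output text 2>/dev/null </dev/null) \
    || status=UNKNOWN
  case "$status" in
    INSYNC|PENDING) echo "$status" ;;
    *)              echo UNKNOWN ;;
  esac
}

# List every ledger entry that is not confirmed INSYNC, prefixed with its status.
stranded_changes() {
  local id zone batch st
  while read -r id zone batch; do
    [ -z "$id" ] && continue
    st=$(change_status "$id")
    [ "$st" = INSYNC ] || echo "$st $id $zone $batch"
  done < "$1"
}

# Run after failover completes and before failback: resubmit each PENDING entry
# and print the new change ID next to the old one so the ledger can be updated.
# UNKNOWN entries are skipped; re-check them rather than resubmitting blindly.
resubmit_stranded() {
  local st id zone batch new_id
  stranded_changes "$1" | while read -r st id zone batch; do
    [ "$st" = PENDING ] || continue
    new_id=$(aws route53 change-resource-record-sets --hosted-zone-id "$zone" \
               --change-batch "file://$batch" \
               --query 'ChangeInfo.Id' --output text </dev/null) \
      || { echo "FAILED $id"; continue; }
    echo "RESUBMITTED $id -> $new_id"
  done
}
```

Call `stranded_changes ledger.txt` during the disruption to see what is at risk, and `resubmit_stranded ledger.txt` once the failover has completed.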
Getting Started with Accelerated Recovery
You can enable the feature by editing an existing public hosted zone using the AWS Management Console, AWS SDK, or AWS API.
To enable accelerated recovery for a public hosted zone, click the Enable option under Accelerated Recovery in the Console (Figure 3) and then Save Changes. Enabling accelerated recovery will take several minutes and you will see the status of your public hosted zone change to Enabling Accelerated Recovery. The time it takes to enable accelerated recovery will depend on the size of your public hosted zone. You can check on the status of the enablement process in the Accelerated recovery tab of your public hosted zone or via the GetHostedZone API. As the process finalizes, there will be a brief period lasting up to several minutes where DNS changes are not accepted. Once the process completes, you will see the status change to Enabled.
For further information, you can refer to the accelerated recovery documentation.
Figure 3: Accelerated recovery option for a public hosted zone
To disable the feature, click the Disable option under Accelerated Recovery and then Save Changes.
You can also enable and disable this feature with the AcceleratedRecovery option using APIs/CLI.
The following are a few examples:
Enabling on an existing Public Hosted Zone, with Hosted Zone ID – Z04195333A4MFRPAU63KG:
aws route53 update-hosted-zone-features --enable-accelerated-recovery --hosted-zone-id Z04195333A4MFRPAU63KG
Disabling on an existing Public Hosted Zone, with Hosted Zone ID – Z04195333A4MFRPAU63KG:
aws route53 update-hosted-zone-features --no-enable-accelerated-recovery --hosted-zone-id Z04195333A4MFRPAU63KG
Checking the status of Accelerated Recovery on an existing Public Hosted Zone, with Hosted Zone ID – Z04195333A4MFRPAU63KG:
aws route53 get-hosted-zone --id Z04195333A4MFRPAU63KG
For a complete list of APIs that will be available after failover to Oregon Region, please refer to the accelerated recovery documentation. All Route 53 API actions will be available after a failback to N. Virginia Region.
Use cases
Organizations maintain legacy applications that cannot be easily updated to implement fully automated failover mechanisms. Replacing or migrating these applications is often expensive, making manual DNS updates a necessary part of your disaster recovery strategy. We also see some organizations operate with just-in-time provisioning models that require the ability to create or update DNS records dynamically in response to events. Following are a few use cases where we see this feature delivering significant benefits:
Uptime and availability
Financial institutions maintain rigorous uptime standards that necessitate specific recovery time objectives for critical systems. By enabling accelerated recovery for their public hosted zones, financial service providers can maintain DNS operations even during regional disruptions. This ensures they can continue updating DNS records to direct customers to available services and implement disaster recovery procedures. The ability to make DNS changes within a targeted 60-minute window provides these organizations with the certainty needed for their business continuity plans. During regional events, they can continue provisioning infrastructure and updating DNS records to maintain service availability for payment processing, online banking, and trading platforms among other applications and use cases.
Infrastructure Management
Software as a Service (SaaS) providers operating at scale face unique challenges when managing their global infrastructure. While Route 53 health checks and Application Recovery Controller (ARC) provide automated failover capabilities, these solutions can become difficult to maintain and operate at scale. SaaS providers can now use accelerated recovery to ensure they maintain control plane access for critical DNS operations. This enables them to continue their standard infrastructure provisioning workflows even during regional events. This capability is particularly valuable for continuous deployment pipelines that rely on frequent DNS updates as part of their infrastructure management strategy.
Regulatory Compliance and Audit
Organizations in highly regulated industries, such as healthcare, financial services, and telecommunications, must demonstrate robust business continuity capabilities during compliance audits. Accelerated recovery for public hosted zones provides documented evidence of DNS resilience with a predictable recovery time objective. This helps satisfy auditor requirements for critical infrastructure components and strengthens an organization’s overall compliance posture. The targeted 60-minute RTO allows compliance teams to document specific recovery time frames in their business continuity plans, providing greater certainty during audit reviews.
Considerations
- As of this writing, accelerated recovery is not supported for Route 53 private hosted zones.
- As of this writing, DNSSEC cannot be enabled/disabled on an accelerated recovery-enabled zone when Oregon Region is acting as the primary control plane.
- In case of a disruption, some Route 53 APIs won’t be available. Refer to the documentation for the list of APIs affected in a failover event.
- During the process of enabling and disabling Accelerated Recovery, your public hosted zone will be locked for up to 5 minutes. No changes can be made to the hosted zone during this period.
- It is only possible to enable Accelerated Recovery in one public hosted zone per account at a time. Refer to the documentation for error handling.
- In case of a disruption, Route 53 API latency may increase, depending on your geographic location. This is because control plane requests normally handled by the primary N. Virginia Region will be handled by the Oregon Region.
Conclusion
With the introduction of accelerated recovery for public hosted zones, you now have a reliable method to ensure DNS management continuity during regional disruptions. This feature is designed to provide a predictable 60-minute recovery time objective for your Route 53 control plane operations, addressing a critical aspect of business continuity planning. Accelerated recovery for managing DNS records in public hosted zones is now available in the AWS commercial Regions, except AWS GovCloud and China Regions. There is no additional charge for using this feature. To learn more about accelerated recovery, refer to the Route 53 documentation. If you have questions about this post, start a new thread on AWS re:Post or contact AWS Support.

